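  /**
   * Deploys a .gar archive to the Registry path in REGISTRY_GADGET_STORAGE_PATH.
   *
   * <p>Side effect: if the anonymous role is not yet authorized for GET on that path (under the
   * config registry base path), this method authorizes it, so content stored there becomes
   * readable without authentication.
   *
   * @param deploymentFileData info about the deployed file
   * @throws DeploymentException if an error occurs while deploying the .gar archive
   */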
  public void deploy(DeploymentFileData deploymentFileData) throws DeploymentException {
    // All three checked failure types are reported to the caller with this same message.
    final String failureMessage = "An error occured while deploying gadget archive";

    try {
      UserRegistry tenantRegistry = getRegistry(tenantID);

      // The archive is unpacked before the registry is checked for null, so extraction happens
      // even when there is no registry to populate.
      String unpackedDir = extractGarArchive(deploymentFileData.getAbsolutePath());

      if (tenantRegistry == null) {
        // Nothing is transferred and nothing is logged in this case.
        return;
      }

      // Grant the anonymous role GET on the gadget storage path unless it already has it. This
      // runs on every deployment so that a mounted remote registry is covered as well.
      // Consequence: the permission is granted on the storage path itself, not per gadget, so
      // archive content should be treated as readable without authentication.
      AuthorizationManager authorizer = tenantRegistry.getUserRealm().getAuthorizationManager();
      String gadgetStoragePath =
          RegistryConstants.CONFIG_REGISTRY_BASE_PATH + REGISTRY_GADGET_STORAGE_PATH;
      boolean anonymousCanRead =
          authorizer.isRoleAuthorized(
              CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME,
              gadgetStoragePath,
              ActionConstants.GET);
      if (!anonymousCanRead) {
        authorizer.authorizeRole(
            CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, gadgetStoragePath, ActionConstants.GET);
      }

      File unpackedRoot = new File(unpackedDir);
      if (!unpackedRoot.exists()) {
        // A missing extraction directory is logged and otherwise ignored; no exception is raised.
        log.info("Couldn't find contents at '" + unpackedDir + "'. Giving up.");
        return;
      }

      beginFileTansfer(unpackedRoot, tenantID);
      log.info(
          "Successfully populated gadgets from archive ."
              + deploymentFileData.getAbsolutePath()
              + " to the registry.");
    } catch (RegistryException e) {
      throw new DeploymentException(failureMessage, e);
    } catch (CarbonException e) {
      throw new DeploymentException(failureMessage, e);
    } catch (UserStoreException e) {
      throw new DeploymentException(failureMessage, e);
    }
  }
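  /**
   * Recursively copies the contents of an extracted gadget archive directory into the registry.
   *
   * <p>Each entry that is not a regular file becomes a registry collection under
   * {@code REGISTRY_GADGET_STORAGE_PATH} and is then descended into. A file named
   * {@code GADGET_CONF_FILE} is parsed and registered as a gadget entry. Every other file is
   * handed to {@code addToRegistry}.
   *
   * <p>Security-relevant behaviour:
   *
   * <ul>
   *   <li>For every directory visited, the anonymous role is granted GET on the gadget storage
   *       path if it does not have it yet, so stored content is readable without authentication.
   *   <li>The gadget descriptor is read from the archive, so it is parsed with DTD processing and
   *       external entities switched off, and its input stream is always closed.
   * </ul>
   *
   * @param rootDirectory directory whose entries are transferred
   * @param registry registry that receives the collections and gadget entries
   * @param rootPath prefix stripped from each absolute path to build the registry-relative path
   * @param tenantId tenant passed to {@code getRegistry} and {@code addToRegistry}
   * @throws Exception wrapping any failure; the failure is logged before it is rethrown, once per
   *     recursion level it passes through
   */
  private static void transferDirectoryContentToRegistry(
      File rootDirectory, Registry registry, String rootPath, int tenantId) throws Exception {

    try {
      File[] entries = rootDirectory.listFiles();
      if (entries == null) {
        // listFiles() returns null when the path is not a directory or cannot be read. Fail with
        // a message that names the path instead of an anonymous NullPointerException.
        throw new Exception(
            "Unable to list the contents of '" + rootDirectory.getAbsolutePath() + "'");
      }

      for (File entry : entries) {
        if (!entry.isFile()) {
          // Directory: mirror it as a collection. The registry path is the storage root plus the
          // part of the absolute path below rootPath, with separators normalised to '/'.
          String directoryRegistryPath =
              REGISTRY_GADGET_STORAGE_PATH
                  + entry
                      .getAbsolutePath()
                      .substring(rootPath.length())
                      .replaceAll("[/\\\\]+", "/");

          // Create the collection only when it is not there yet.
          if (!registry.resourceExists(directoryRegistryPath)) {
            Collection newCollection = registry.newCollection();
            registry.put(directoryRegistryPath, newCollection);
          }

          // Grant the anonymous role GET on the gadget storage path unless it already has it.
          // This is repeated per directory so that a mounted remote registry is covered too.
          // The permission is on the storage path itself, not on the individual directory.
          UserRegistry userRegistry = getRegistry(tenantId);
          AuthorizationManager accessControlAdmin =
              userRegistry.getUserRealm().getAuthorizationManager();
          String gadgetStoragePath =
              RegistryConstants.CONFIG_REGISTRY_BASE_PATH + REGISTRY_GADGET_STORAGE_PATH;

          if (!accessControlAdmin.isRoleAuthorized(
              CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME,
              gadgetStoragePath,
              ActionConstants.GET)) {
            accessControlAdmin.authorizeRole(
                CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME,
                gadgetStoragePath,
                ActionConstants.GET);
          }

          // Descend into the directory.
          transferDirectoryContentToRegistry(entry, registry, rootPath, tenantId);
        } else if (entry.getName().equals(GADGET_CONF_FILE)) {
          // Gadget descriptor: its name, path and description are needed to list the gadget in
          // the gadget browser.
          String gadgetName;
          String gadgetPath;
          String gadgetDesc;

          FileInputStream descriptorStream = new FileInputStream(entry);
          try {
            XMLInputFactory xif = XMLInputFactory.newInstance();
            // The descriptor ships inside the archive: do not let it pull in a DTD or resolve
            // external entities while it is parsed.
            xif.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
            xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
            XMLStreamReader reader = xif.createXMLStreamReader(descriptorStream);

            OMElement descriptorRoot = new StAXOMBuilder(reader).getDocumentElement();

            // All three values are read before the stream is closed below.
            // NOTE(review): a descriptor missing any of these elements fails here with a
            // NullPointerException, which the outer catch logs and wraps.
            gadgetName = descriptorRoot.getFirstChildWithName(new QName("name")).getText();
            gadgetPath = descriptorRoot.getFirstChildWithName(new QName("path")).getText();
            gadgetDesc =
                descriptorRoot.getFirstChildWithName(new QName("description")).getText();
          } finally {
            try {
              descriptorStream.close();
            } catch (Exception closeFailure) {
              // A failed close must not hide a parse error or abort an otherwise good deploy.
              log.warn("Could not close '" + entry.getAbsolutePath() + "'", closeFailure);
            }
          }

          Resource res = registry.newResource();
          res.setProperty(DashboardConstants.GADGET_NAME, gadgetName);
          res.setProperty(DashboardConstants.GADGET_DESC, gadgetDesc);
          res.setProperty(DashboardConstants.GADGET_URL, gadgetPath);

          // NOTE(review): gadgetName comes from the archive and is appended to the registry path
          // unvalidated; confirm whether names containing '/' or '..' should be rejected here.
          registry.put(
              DashboardConstants.SYSTEM_GADGETREPO_REGISTRY_ROOT
                  + DashboardConstants.GADGETS_COL
                  + "/"
                  + gadgetName,
              res);
        } else {
          // Any other file is stored in the registry as-is.
          addToRegistry(rootPath, entry, tenantId);
        }
      }
    } catch (Exception e) {
      log.error(e.getMessage(), e);
      throw new Exception(e);
    }
  }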
  /**
   * Exercises the basic grant / check / revoke cycle of the realm's authorization manager.
   *
   * <p>Checks that a role grant reaches the role's members, that a grant for one action does not
   * imply another action on the same resource, and that every grant is gone after the clear
   * calls.
   *
   * @throws Exception if any user-store or authorization call fails
   */
  public void doAuthorizationStuff() throws Exception {
    AuthorizationManager authorizer = realm.getAuthorizationManager();
    UserStoreManager userStore = realm.getUserStoreManager();

    // Two roles: "rolex" with two members, "roley" with none.
    String[] rolexMembers = new String[] {"saman", "amara"};
    userStore.addRole("rolex", rolexMembers, null);
    userStore.addRole("roley", null, null);

    // Grants: two role-level, one user-level.
    authorizer.authorizeRole("rolex", "wall", "write");
    authorizer.authorizeRole("roley", "table", "write");
    authorizer.authorizeUser("sunil", "wall", "read");

    // "saman" gets write on "wall" only through membership of "rolex".
    assertTrue(authorizer.isUserAuthorized("saman", "wall", "write"));
    assertTrue(authorizer.isUserAuthorized("sunil", "wall", "read"));
    assertTrue(authorizer.isRoleAuthorized("roley", "table", "write"));
    // A grant covers exactly the named action: write does not give read, nor read write.
    assertFalse(authorizer.isUserAuthorized("saman", "wall", "read"));
    assertFalse(authorizer.isUserAuthorized("sunil", "wall", "write"));

    // Revoke per user, per role, then everything attached to the "wall" resource.
    authorizer.clearUserAuthorization("sunil", "wall", "read");
    authorizer.clearRoleAuthorization("roley", "table", "write");
    authorizer.clearResourceAuthorizations("wall");

    // Nothing may remain, including the role-derived permission of "saman".
    assertFalse(authorizer.isUserAuthorized("saman", "wall", "write"));
    assertFalse(authorizer.isUserAuthorized("sunil", "wall", "read"));
    assertFalse(authorizer.isRoleAuthorized("roley", "table", "write"));
  }
  /**
   * Exercises role and user authorization on the realm's authorization manager, including
   * negative cases.
   *
   * <p>Every negative case has the same shape: the call is made inside a {@code try}, followed by
   * {@code fail(...)}, with a {@code catch (Exception e)} that ignores the exception. The
   * {@code fail} message is therefore what gets reported when the call does NOT throw.
   *
   * <p>NOTE(review): this shape only works if {@code fail} raises something that is not an
   * {@code Exception} (JUnit raises an {@code Error} subclass) - confirm against the test
   * framework in use. The broad {@code catch (Exception e)} also accepts any exception type, so
   * these cases cannot tell an argument-validation rejection from an unrelated failure.
   *
   * @throws Exception if a call that is expected to succeed fails
   */
  public void doAuthorizationStuff() throws Exception {
    AuthorizationManager authMan = realm.getAuthorizationManager();
    UserStoreManager usWriter = realm.getUserStoreManager();

    // Two roles: "rolex" with two members, "roley" with none; one write grant each.
    usWriter.addRole("rolex", new String[] {"saman", "amara"}, null);
    usWriter.addRole("roley", null, null);
    authMan.authorizeRole("rolex", "wall", "write");
    authMan.authorizeRole("roley", "table", "write");

    // *** authorize role: a null role, resource or action, or the action "run", must be rejected.
    // NOTE(review): "run" is presumably not among the actions the test realm accepts - confirm.
    try {
      authMan.authorizeRole(null, "wall", "write");
      fail("Exception at authorizing a role with Null role");
    } catch (Exception e) {
      // expected error in negative testing
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }
    try {
      authMan.authorizeRole("rollee", null, "write");
      fail("Exception at authorizing a role with Null resourceID");
    } catch (Exception e) {
      // expected error in negative testing (this case alone does not log the exception)
    }
    try {
      authMan.authorizeRole("rollee", "wall", null);
      fail("Exception at authorizing a role with Null action");
    } catch (Exception e) {
      // expected error in negative testing
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }
    try {
      authMan.authorizeRole("rolleex", "wall", "run");
      fail("Exception at authorizing a role with Invalid action");
    } catch (Exception e) {
      // expected error in negative testing
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }

    // ***authorize user
    // One valid user-level grant, then the same four rejections as for roles.
    authMan.authorizeUser("sunil", "wall", "read");
    try {
      authMan.authorizeUser(null, "wall", "read");
      fail("Exception at authorizing a user with Null name");
    } catch (Exception e) {
      // expected error in negative testing
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }
    try {
      authMan.authorizeUser("isuru", null, "read");
      fail("Exception at authorizing a user with Null resourceID");
    } catch (Exception e) {
      // expected error in negative testing
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }
    try {
      authMan.authorizeUser("isuru", "wall", null);
      fail("Exception at authorizing a user with Null action");
    } catch (Exception e) {
      // expected error in negative testing
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }
    try {
      authMan.authorizeUser("isuru", "wall", "run");
      fail("Exception at authorizing a user with Invalid action");
    } catch (Exception e) {
      // expected error in negative testing
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }

    // Positive checks: "saman" is authorized only through membership of "rolex".
    assertTrue(authMan.isUserAuthorized("saman", "wall", "write"));
    assertTrue(authMan.isUserAuthorized("sunil", "wall", "read"));
    // The role is looked up here with a "primary/" prefix and must match the grant made to
    // "roley". NOTE(review): presumably "primary" is the user-store domain - confirm.
    assertTrue(authMan.isRoleAuthorized("primary/roley", "table", "write"));
    // Grants are per resource and per action, and the rejected grants above left nothing behind
    // for "isuru".
    assertFalse(authMan.isRoleAuthorized("roley", "chair", "write"));
    assertFalse(authMan.isUserAuthorized("saman", "wall", "read"));
    assertFalse(authMan.isUserAuthorized("sunil", "wall", "write"));
    assertFalse(authMan.isUserAuthorized("isuru", "wall", "write"));
    try {
      // The result is unused; only the expected exception for the invalid action matters.
      boolean b = authMan.isUserAuthorized("isuru", "wall", "run");
      fail("Exception at check authorization of a user with Invalid action");
    } catch (Exception e) {
      // expected error in negative testing
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }

    // Exactly one role may write "wall"; the rejected role grants must not have added another.
    String[] AllowedRolesForResource = authMan.getAllowedRolesForResource("wall", "write");
    assertEquals(1, AllowedRolesForResource.length);
    // Disabled checks on getAllowedUsersForResource, kept as in the original:
    // assertEquals(2,authMan.getAllowedUsersForResource("wall", "write").length);
    // String[] AllowedUsersForResource = authMan.getAllowedUsersForResource("wall", "read");
    // assertEquals(1, AllowedUsersForResource.length);

    // *** clear user authorization: one valid revoke, then invalid action and null arguments.
    authMan.clearUserAuthorization("sunil", "wall", "read");
    try {
      authMan.clearUserAuthorization("isuru", "wall", "run");
      fail("Exception at clear user authorization");
    } catch (Exception e) {
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }
    try {
      authMan.clearUserAuthorization(null, "wall", "run");
      fail("Exception at clear user authorization");
    } catch (Exception e) {
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }
    try {
      authMan.clearUserAuthorization("isuru", null, "run");
      fail("Exception at clear user authorization");
    } catch (Exception e) {
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }
    try {
      authMan.clearUserAuthorization("isuru", "wall", null);
      fail("Exception at clear user authorization");
    } catch (Exception e) {
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }

    // *** clear role authorization: one valid revoke, then null role, resource and action.
    authMan.clearRoleAuthorization("roley", "table", "write");
    try {
      authMan.clearRoleAuthorization(null, "table", "write");
      fail("Exception at clear role authorization");
    } catch (Exception e) {
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }
    try {
      authMan.clearRoleAuthorization("roleee", null, "write");
      fail("Exception at clear role authorization");
    } catch (Exception e) {
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }
    try {
      authMan.clearRoleAuthorization("roleee", "table", null);
      fail("Exception at clear role authorization");
    } catch (Exception e) {
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }

    // *** clear resource authorizations: drop everything on "wall", then reject a null resource.
    authMan.clearResourceAuthorizations("wall");
    try {
      authMan.clearResourceAuthorizations(null);
      fail("Exception at clear Resource Authorizations");
    } catch (Exception e) {
      if (log.isDebugEnabled()) {
        log.debug("Expected error, hence ignored", e);
      }
    }

    // After the revokes no earlier grant may remain, including the role-derived one of "saman".
    assertFalse(authMan.isUserAuthorized("saman", "wall", "write"));
    assertFalse(authMan.isUserAuthorized("sunil", "wall", "read"));
    assertFalse(authMan.isRoleAuthorized("roley", "table", "write"));
  }